[Free] 2018(Jan) EnsurePass Examcollection Juniper JN0-661 Dumps with VCE and PDF 11-20

Ensurepass.com : Ensure you pass the IT Exams
2018 Jan Juniper Official New Released JN0-661
100% Free Download! 100% Pass Guaranteed!
http://www.EnsurePass.com/JN0-661.html

Juniper Networks Certified Internet Specialist, SEC (JNCIS-SEC)

Question No: 11 – (Topic 1)

What are two components of the Junos softwarearchitecture? (Choose two.)

  1. Linux kernel

  2. routing protocol daemon

  3. session-based forwarding module

  4. separate routing and security planes

Answer: B,C

Question No: 12 – (Topic 1)

A network administrator wants to permit Telnet traffic initiated from the address book entry the10net in a zone called UNTRUST to the address book entry Server in a zone called TRUST. However, the administrator does not want the server to be able to initiate any type of traffic from the TRUST zone to the UNTRUST zone.Which configuration statement would correctly accomplish this task?

  1. from-zone UNTRUST to-zone TRUST { policy DenyServer {

    match {

    source-address any; destination-address any; application any;

    }

    then { deny;

    }

    }

    }

    from-zone TRUST to-zone UNTRUST { policy AllowTelnetin {

    match {

    source-address the10net; destination-address Server; application junos-telnet;

    }

    then { permit;

    }

    }

    }

  2. from-zone TRUST to-zone UNTRUST { policy DenyServer {

    match {

    source-address Server; destination-address any;

    application any;

    }

    then { deny;

    }

    }

    }

    from-zone UNTRUST to-zone TRUST { policy AllowTelnetin {

    match {

    source-address the10net; destination-address Server; application junos-telnet;

    }

    then { permit;

    }

    }

    }

  3. from-zone UNTRUST to-zone TRUST { policy AllowTelnetin {

    match {

    source-address the10net; destination-address Server; application junos-ftp;

    }

    then { permit;

    }

    }

    }

  4. from-zone TRUST to-zone UNTRUST { policy DenyServer {

match {

source-address Server; destination-address any; application any;

}

then { permit;

}

}

}

from-zone UNTRUST to-zone TRUST { policy AllowTelnetin {

match {

source-address the10net; destination-address Server; application junos-telnet;

}

then { permit;

}

}

}

Answer: B

Question No: 13 – (Topic 1)

What is the default session timeout for UDP sessions?

  1. 30 seconds

  2. 1 minute

  3. 5 minutes

  4. 30 minutes

Answer: B

Question No: 14 – (Topic 1)

Click the Exhibit button.

Ensurepass 2018 PDF and VCE

In the exhibit, you decided to change my Hosts addresses. What will happen to the new sessions matching the policy and in-progress sessions that hadalready matched the policy?

  1. New sessions will be evaluated. In-progress sessions will be re-evaluated.

  2. New sessions will be evaluated. All in-progress sessions will continue.

  3. New sessions will be evaluated. All in-progress sessions will be dropped.

  4. New sessions will halt until all in-progress sessions are re-evaluated. In-progress sessions will be re-evaluated and possibly dropped.

Answer: A Explanation:

QUESTIONNO: 47

When using UTM features in an HA cluster, which statement is true for installing the licenses on the cluster members?

  1. One UTM cluster license will activate UTM features on both members.

  2. Each device will need a UTM license generated for its serial number.

  3. Each device will need a UTM license generated for the cluster, but licenses can be applied to either member.

  4. HA clustering automatically comes with UTM licensing, no additional actions are needed.

Answer: B

Question No: 15 – (Topic 1)

Click the Exhibit button.

Ensurepass 2018 PDF and VCE

You need to alter the security policy shown in the exhibit to send matching traffic to an IPsec VPN tunnel. Which command causes traffic to be sent through anIPsec VPN named remote-vpn?

  1. [edit security policies from-zone trust to-zone untrust] user@host# set policy tunnel-traffic then tunnel remote-vpn

  2. [edit security policies from-zone trust to-zone untrust]

    user@host# set policy tunnel-traffic then tunnel ipsec-vpn remote-vpn

  3. [edit security policies from-zone trust to-zone untrust]

    user@host# set policy tunnel-traffic then permit ipsec-vpn remote-vpn

  4. [edit security policies from-zone trust to-zone untrust]

user@host# set policy tunnel-traffic then permit tunnel ipsec-vpn remote-vpn

Answer: D

Question No: 16 – (Topic 1)

Which CLI command do you use to block MIME content at the [edit security utmfeature- profile] hierarchy?

  1. set content-filtering profile lt;namegt; permit-command block-mime

  2. set content-filtering profile lt;namegt; block-mime

  3. set content-filtering block-content-type lt;namegt; block-mime

  4. set content-filtering notifications block-mime

Answer: B

Question No: 17 – (Topic 1)

Which statement describes the UTM licensing model?

  1. Install the license key and all UTM features will be enabled for the life of the product.

  2. Install one license key per feature and the license key will be enabled for the life of the product.

  3. Install one UTM license key, which will activate all UTM features; the license will need to be renewed when it expires.

  4. Install one UTM license key per UTM feature; the licenses will need to be renewed when they expire.

Answer: D

Question No: 18 – (Topic 1)

Regarding fast path processing, when does the system perform the policy check?

  1. The policy is determined after the SCREEN options check.

  2. The policy is determined only during the first packet path, not during fast path.

  3. The policy is determined after the zone check.

  4. The policy is determined after the SYN TCP flag.

Answer: B

Question No: 19 – (Topic 1)

Which two statements about the use of SCREEN optionsare correct? (Choose two.)

  1. SCREEN options offer protection against various attacks.

  2. SCREEN options are deployed prior to route and policy processing in first path packet

    processing.

  3. SCREEN options are deployed at the ingress and egress sides of a packet flow.

  4. When you deploy SCREEN options, you must take special care to protect OSPF.

Answer: A,B

Question No: 20 – (Topic 1)

Which command do you use to display the status of anantivirus database update?

  1. show security utm anti-virus status

  2. show security anti-virus database status

  3. show security utm anti-virus database

  4. show security utm anti-virus update

Answer: A

100% Ensurepass Free Download!
Download Free Demo:JN0-661 Demo PDF
100% Ensurepass Free Guaranteed!
JN0-661 Dumps

EnsurePass ExamCollection Testking
Lowest Price Guarantee Yes No No
Up-to-Dated Yes No No
Real Questions Yes No No
Explanation Yes No No
PDF VCE Yes No No
Free VCE Simulator Yes No No
Instant Download Yes No No

This entry was posted in JN0-661 Latest Exam (Jan 2018) and tagged , , , , , , , . Bookmark the permalink.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.